PoDoFo / Tickets / #62 [r1997] podofotxtextract SEGV caused by PdfFontFactory::CreateFont (line 229) calling PdfObject::GetIndirectKey

#62 [r1997] podofotxtextract SEGV caused by PdfFontFactory::CreateFont (line 229) calling PdfObject::GetIndirectKey

Milestone: SVN TRUNK

Status: open

Owner: nobody

Labels: None

Updated: 2019-08-13

Created: 2019-07-23

Creator: Manh-Dung NGUYEN

Private: No

Hi,
I found a crashing input in PdfFontFactory::CreateFont (line 229).

PoC: https://github.com/strongcourage/PoCs/blob/master/podofo_r1997/PoC_segv_GetIndirectKey
Command: podofotxtextract $PoC

ASAN says:

==7371==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000013 (pc 0x0000004bc1ac sp 0x7ffe3847a8c0 bp 0x7ffe3847a8d0 T0)
    #0 0x4bc1ab in PoDoFo::PdfVariant::DelayedLoad() const /home/dungnguyen/gueb-testing/podofo-code/podofo/trunk/src/podofo/base/PdfVariant.h:555
    #1 0x4bc26d in PoDoFo::PdfVariant::GetDataType() const /home/dungnguyen/gueb-testing/podofo-code/podofo/trunk/src/podofo/base/PdfVariant.h:585
    #2 0x4c62d7 in PoDoFo::PdfVariant::IsDictionary() const /home/dungnguyen/gueb-testing/podofo-code/podofo/trunk/src/podofo/base/PdfVariant.h:197
    #3 0x4d3639 in PoDoFo::PdfObject::GetIndirectKey(PoDoFo::PdfName const&) const /home/dungnguyen/gueb-testing/podofo-code/podofo/trunk/src/podofo/base/PdfObject.cpp:226
    #4 0x51e5b3 in PoDoFo::PdfFontFactory::CreateFont(FT_LibraryRec_**, PoDoFo::PdfObject*) /home/dungnguyen/gueb-testing/podofo-code/podofo/trunk/src/podofo/doc/PdfFontFactory.cpp:229
    #5 0x5152b7 in PoDoFo::PdfFontCache::GetFont(PoDoFo::PdfObject*) /home/dungnguyen/gueb-testing/podofo-code/podofo/trunk/src/podofo/doc/PdfFontCache.cpp:362
    #6 0x53beda in PoDoFo::PdfMemDocument::GetFont(PoDoFo::PdfObject*) /home/dungnguyen/gueb-testing/podofo-code/podofo/trunk/src/podofo/doc/PdfMemDocument.cpp:703
    #7 0x4ba64a in TextExtractor::ExtractText(PoDoFo::PdfMemDocument*, PoDoFo::PdfPage*) /home/dungnguyen/gueb-testing/podofo-code/podofo/trunk/tools/podofotxtextract/TextExtractor.cpp:124
    #8 0x4b9fe7 in TextExtractor::Init(char const*) /home/dungnguyen/gueb-testing/podofo-code/podofo/trunk/tools/podofotxtextract/TextExtractor.cpp:50
    #9 0x4c00b9 in main /home/dungnguyen/gueb-testing/podofo-code/podofo/trunk/tools/podofotxtextract/podofotxtextract.cpp:52
    #10 0x7fc3ec73582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x4b9ce8 in _start (/home/dungnguyen/PoCs/podofo_r1997/podofotxtextract-asan+0x4b9ce8)

Thanks,
Manh Dung

Matthew Brincke - 2019-08-13

summary: [r1997] podofotxtextract SEGV on unknown address --> [r1997] podofotxtextract SEGV caused by PdfFontFactory::CreateFont (line 229) calling PdfObject::GetIndirectKey

Related

Commit: [r1997]
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

[r1997] podofotxtextract SEGV caused by PdfFontFactory::CreateFont (line...

A PDF parsing, modification and creation library.

Milestone

Searches

Help

#62 [r1997] podofotxtextract SEGV caused by PdfFontFactory::CreateFont (line 229) calling PdfObject::GetIndirectKey

Related

Discussion

Related